Re: [PATH v2 1/2] qemu: move temp file of screenshot and memorypeek to autoDumpPath
On 9/13/2021 7:23 PM, Daniel P. Berrangé wrote: > On Mon, Sep 13, 2021 at 07:11:04PM +0800, Peng Liang wrote: >> The temp files of screenshot and memory peek, which are created by QEMU, >> are put in the cache directory. However, the caches of domain >> capabilities, which are created and used by libvirtd, are also put in >> the cache directory. In order to make the cache directory more secure, >> move the temp files of screenshot and memory peek to autoDumpPath. >> >> Since the temp files are just temporary files and are only used by >> libvirtd (libvirtd will delete them after use), the use of screenshot >> and memory peek will be affected. > > autoDumpPath does nt look like the right thing to be using here. > Why don't we just put these files in a subdirectory of the cache > dir to avoid the problem with capabilities ? > Ah, I just find that autoDumpPath is for watchdog event to auto-dump a guest. But I think the files libvirtd put in the cache directory (except capabilites) are just temporary files instead of cache files. So IMHO, a subdir in the cache directory is also not the perfect path for these files. How about putting these files in the pre-domain dir (e.g. /var/lib/libvirt/qemu/domain-1-test)? > > Regards, > Daniel > Thanks, Peng
Re: [PATH v2 1/2] qemu: move temp file of screenshot and memorypeek to autoDumpPath
On Mon, Sep 13, 2021 at 07:11:04PM +0800, Peng Liang wrote: > The temp files of screenshot and memory peek, which are created by QEMU, > are put in the cache directory. However, the caches of domain > capabilities, which are created and used by libvirtd, are also put in > the cache directory. In order to make the cache directory more secure, > move the temp files of screenshot and memory peek to autoDumpPath. > > Since the temp files are just temporary files and are only used by > libvirtd (libvirtd will delete them after use), the use of screenshot > and memory peek will be affected. autoDumpPath does nt look like the right thing to be using here. Why don't we just put these files in a subdirectory of the cache dir to avoid the problem with capabilities ? Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
[PATH v2 1/2] qemu: move temp file of screenshot and memorypeek to autoDumpPath
The temp files of screenshot and memory peek, which are created by QEMU,
are put in the cache directory. However, the caches of domain
capabilities, which are created and used by libvirtd, are also put in
the cache directory. In order to make the cache directory more secure,
move the temp files of screenshot and memory peek to autoDumpPath.
Since the temp files are just temporary files and are only used by
libvirtd (libvirtd will delete them after use), the use of screenshot
and memory peek will be affected.
Signed-off-by: Peng Liang
---
src/qemu/qemu_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index dfc27572c461..e929e950e848 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3431,7 +3431,7 @@ qemuDomainScreenshot(virDomainPtr dom,
}
}
-tmp = g_strdup_printf("%s/qemu.screendump.XX", cfg->cacheDir);
+tmp = g_strdup_printf("%s/qemu.screendump.XX", cfg->autoDumpPath);
if ((tmp_fd = g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR))
== -1) {
virReportSystemError(errno, _("g_mkstemp(\"%s\") failed"), tmp);
@@ -10692,7 +10692,7 @@ qemuDomainMemoryPeek(virDomainPtr dom,
if (virDomainObjCheckActive(vm) < 0)
goto endjob;
-tmp = g_strdup_printf("%s/qemu.mem.XX", cfg->cacheDir);
+tmp = g_strdup_printf("%s/qemu.mem.XX", cfg->autoDumpPath);
/* Create a temporary filename. */
if ((fd = g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR)) ==
-1) {
--
2.31.1
